Protect Your Small Business From Cyberattacks

Eight proven practices for reducing your company’s risk of becoming a cybercrime victim

By Rakesh Gupta, COO of biBERK

If you’re a small business owner or a key decision-maker, you probably wear many hats and have a never-ending list of “to-do” items. And while “assess and address cybersecurity risks” is likely on there, this critical task may not find its way to the top of a list dominated by critical daily operational issues.

That’s partly because many small business owners mistakenly assume that cyberattacks only target larger companies. That’s a reasonable assumption. After all, those organizations have more information and resources for a cybercriminal to steal.

However, do a quick internet search on “cyberattacks and small businesses,” and you’ll find many studies, reports and expert opinions that agree on a crucial point: Cybercriminals see small companies as prime targets.

Why is that? There are many reasons, including that small businesses:

• Often have less-robust digital defenses
• Typically don’t have a person focused on cybersecurity
• May share online accounts (and the associated passwords) to save money
• Frequently believe they’re too small to interest cybercriminals

“The reality is that you might have cybercriminals probing your digital defenses right now and not know it until you’ve suffered a costly cybersecurity breach,” says Peter Shelley, my colleague and president at biBERK, a Berkshire Hathaway Direct small business insurance company. “Fortunately, there are steps you can take today to reduce your risk and protect your data, people and business.”

An Unanticipated Uptick in Cyberattacks

Cyberattacks cost U.S. businesses billions of dollars annually. And the number of attacks and associated costs continue to rise.
Many cybersecurity experts point to the pandemic as a driver of significant increases in cybercrime in recent years. That’s not surprising, as cybercriminals surely recognized that abrupt shifts to working from home—necessary though they were—created significant vulnerabilities.
More data being transmitted to and from non-secure locations meant more opportunities for information to be intercepted. Bad actors also probably capitalized on security lapses like people working from their own poorly protected computers and unknowingly “opening the door” to their company’s network.

Same Strategies, Greater Sophistication

Cybercriminals use several tools to gain illegal access to devices, computers and networks. And while the list of strategies hasn’t changed much in recent years, the sophistication with which they’re executed continues to increase.
These tools include:

• Viruses: Small computer programs designed to enable access to data or destroy it that infect one computer and spread to connected devices like a disease
• Ransomware: A program that typically encrypts data on a compromised computer and keeps it inaccessible until the victim pays a ransom
• Spyware: Software that secretly gathers sensitive information and sends it to the cybercriminal
• Phishing: Where a cybercriminal’s email or website has a link that, when clicked, releases malicious software onto the device
  All of these forms of “malware” continually evolve in search of new ways to defeat the defenses developed for them.

Where Is Your Business Vulnerable? Identifying and Addressing Risks.

To be successful in business, companies must frequently evaluate weaknesses—in their product features, pricing, etc.—that their competitors can leverage to gain an advantage. This is something every business does, even if informally.

Unfortunately, companies don’t always take this type of ongoing-assessment approach to their cyber weaknesses. The good news is that if your business doesn’t, you can change that today by taking these eight actions:

1. Create a cybersecurity plan. This can be as simple as a document with a handful of practices for keeping your devices, network and data safe. You can also find templates for more detailed documents online, such as the Federal Communications Commission’s Cyberplanner (fcc.gov/cyberplanner).
2. Assess your cybersecurity measures regularly. You can do this following your own checklist, using the services of a cybersecurity company, or through a free vulnerability scanning service like that offered by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
3. Train your employees. Everyone who uses your computers and other devices that could be compromised should understand the importance of not clicking on links in emails, avoiding suspicious downloads, using strong passwords, etc.
4. Secure your networks. Measures like using data encryption wherever and whenever possible, implementing an internet firewall and password-protecting your routers (to name a few) are essential.
5. Install antivirus software and keep it updated. Hackers continually modify their viruses, so it’s vital that you have the latest antivirus software active at all times.
6. Implement multi-factor authentication where appropriate. This is when a user must do more than enter their user ID and password to access a system. For example, they may be required to enter a code sent to their phone to complete the login process.
7. Protect and back up sensitive data. This includes having strong security measures in place, providing access only to employees that need it and having a copy of critical data somewhere removed from your system.
8. Provide remote employees with secure ways to share data. If team members need to collaborate remotely on sensitive information, you should provide them with a way to do that safely, such as using a secure cloud-based data-sharing service.

Don’t Become a Cybercrime Statistic

The numbers on cyberattacks and their toll on small businesses can be alarming. But being proactive and vigilant reduces your company’s risk of becoming a cybercrime victim.

“It’s also a good idea to have a plan for protecting your business financially in case a criminal gets past your defenses,” adds Shelley. “Cyber insurance is affordable, easily obtained and a valuable asset every company should have.”

About the Author

Rakesh Gupta is chief operating officer at biBERK, part of Warren Buffett’s Berkshire Hathaway company. biBERK specializes in commercial insurance for small businesses. In his role, Gupta focuses on simplifying the insurance buying experience using technology and process innovations that make it easier for small business owners to get the coverage they need. For more information, visit biberk.com.